Quote: Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 88,000 bitcoins worth $41,474,415, emptying the site’s escrow account.

The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals and recent updates have made average bitcoin wallets secure against this sort of attack. According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods. Hackers were able to use the transaction malleability bug because the Silk Road used only transaction ID to confirm the transfer of bitcoins. You can read more about the problem here.

They supposedly run an automated refund system for their vendors that relies on the TXID to verify transactions. Their claim is that six vendors colluded to exploit that system by ordering from one another and then submitting circular refund requests.

Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.

The site’s users are currently attempting to track down the thief. Writes Defcon:

Quote: # Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:
narco93
ketama
riccola
germancoke
napolicoke
smokinglife

News of the theft has driven the price of BTC down by about 50 points and it’s currently hovering at 600. We’ll post more information on the hack and the exploit as we get it. Defcon, for his part, is calling for further decentralization of online markets and currency.

“No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize,” he wrote.

What he means by decentralization is twofold:
- Services competing with The Silk Road, so that a successful attack on a service doesn't break the broader marketplace completely.
- More importantly: Cryptocurrencies competing with Bitcoin itself, so that a successful attack on any one cryptocurrency doesn't destabilize all cryptocurrency-based markets at once.

What isn't apparent to me is:
a) How a marketplace relying on the questionable technical aptitude of a diverse set of providers is preferable to a market place relying on the questionable technical aptitude of a single provider. Saying that there should be nothing in the crypto-based economy "too big to fail" is great, but it's not obvious to me how a banking system that isn't backed by something like the FDIC can be tolerable for consumers at all. What does an insurance marketplace that transacts in Bitcoin even look like?
b) How a marketplace that is currently unstable due to its use of a single cryptocurrency (Bitcoin) because of ease-of-use problems with that currency can be stable in its use of multiple cryptocurrencies, each of which will have its own unique ease-of-use problems and will be subject to its own distinct systemic risks.

I'm not even talking about the borderline science fiction shit like using quantum computers to break the currency's foundational encryption. Just simple stuff like the transaction malleability problem in that TechCrunch article above, or the possibility of massive fluctuation in the value of BTC on a day-to-day basis, or weaknesses in SHA-256 breaking it to the degree that cryptographers have successfully broken MD5, or widespread malware stealing a large number of Bitcoin private keys in a short period of time.

Most of these problems becomes legion as the edifice of a single cryptocurrency is gradually replaced by a proliferation of competing cryptocurrencies. The lack of centralized control that allows currencies like this to exist in the first place also makes these kinds of attacks catastrophic if they succeed.

The last Bitcoin is projected to be mined over a hundred years from now. Human beings have not yet invented a cryptographic hash function that has stood intact for a quarter of that time.

I'm trying to figure out how to explain Bitcoin more concisely. Here's what I have so far:

1. There's a class of math problem which is hard to solve but easy to prove that you have solved.

2. There's a distributed community where you can post solutions to problems in this class. First person to post a given solution gets a Bitcoin assigned to their wallet.

3. Wallets are implemented using public key cryptography. You can use the private key associated with your wallet to give your Bitcoin to someone else if you know the public key of their wallet. These transactions are also recorded by the distributed community, and cannot be reversed.

4. Knowledge of which Bitcoins are in which wallets is therefore a matter of public record by definition. No public record equals no ownership.

5. Accepting Bitcoin as payment exposes you to the same risks as any transfer of title. Offering Bitcoin as payment exposes you to the same risks as use of eBay, Craigslist, or similar. The solutions are also similar: escrow, hawala, reputation systems. Laws and customs built up around trust networks.

Mon Mar 03, 2014 5:17 pm

jakethesnakeguy who cried about wrestling being real

Joined: 03 Feb 2006
Posts: 6311
Location: airstrip one

I see two problems with BTC. One, Mark has pretty much outlined here, whether intentionally or accidentally. It takes a book to explain wtf a BTC is.

Second problem: What happens when everyone loses their BTC passwords? No more BTC. It's a currency destined to be forgotten.

It takes a book to explain how titles to land work. This is less complicated than that, but has a lot of concepts and problems in common with it.

The first problem is an engineering problem. People only have to understand how it works until they can trust the tools to safely abstract it away for them, and that's coming.

The second problem is in some ways self-correcting and is in some ways novel and specific to cryptocurrency. But as a friend of mine likes to say: it's just data, we can always get more. Bitcoin is the first cryptocurrency but our world economy will not standardize one just one. Some can never run out.